CmsWing source code analysis: user authentication

Keywords: Javascript


The previous installment finished the walkthrough of the user log.

Today, let's analyze the auth.js file

File location: controller/admin/auth.js

This file contains quite a lot, so the analysis is split into the following parts:


Rule update

User Group Management Homepage

Member management

Administrator user group data write / update

Rule update

First, the function sets up its working data.

Updating the rules involves adding, updating and deleting nodes.

The nodes to be added are always found in nodes.

The nodes to be updated or deleted are always found in rules.

To add a new node, you only need to determine that this node does not exist on this page.

Updating and deleting nodes takes slightly more steps:

First, fetch the rules in every status.

Second, look up each node and replace or update it according to the conditions.

async updaterules() {
    const nodes = await this.returnnodes(false);
    const AuthRule = this.model('auth_rule');
    const map = {'module': 'admin', 'type': ['in', [1, 2]]};
    const rules = await AuthRule.where(map).order('name').select();

Initialize a data object that holds the new nodes that need to be inserted or updated.

Then process the entries in nodes:

Traverse them to get the url and title of each node, save both in a temporary object, and set that object's module item to 'admin'.

Then, depending on whether this is a child node, set the object's type to 1 or 2.

Then set the object's status to 1.

At this point the key can be calculated: the node's url plus the module plus the type just assigned, converted to lowercase.

Finally, store the temporary object in data under that key.

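    const data = {};
    nodes.forEach(value => {
      const temp = {};
      temp.name = value.url;
      temp.desc = value.title;
      temp.module = 'admin';
      // child nodes (pid > 0) get type 1, top-level nodes get type 2
      if (value.pid > 0) {
        temp.type = 1;
      } else {
        temp.type = 2;
      }
      temp.status = 1;
      // key used to match this node against the stored rules
      let url = temp.name + temp.module + temp.type;
      url = url.toLocaleLowerCase();
      data[url] = temp;
    });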

Next, collect the nodes to be updated and the ids of the nodes to be deleted.

As with the nodes, traverse rules, take each rule's name, module and type, and combine them into a new variable named key.

If a rule in the database matches a configured node, that node needs to be updated.

In that case, add the rule's id to the node.

Then write the node, now carrying its id, to the update array prepared earlier.

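    const update = [];
    const ids = [];
    const diff = {};
    rules.forEach((rule, i) => {
      let key = rule.name + rule.module + rule.type;
      key = key.toLocaleLowerCase();
      if (!think.isEmpty(data[key])) {
        // stored rule matches a configured node: schedule it for update
        data[key].id = rule.id;
        update.push(data[key]);
        delete data[key];
        delete rule.condition;
        diff[rule.id] = rule;
      } else {
        // no matching node: remember the id of a rule that is still active
        if (rule.status == 1) {
          ids.push(rule.id);
        }
      }
    });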

Finally, do some processing of the received errors

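    if (!think.isEmpty(update)) {
      update.forEach(row => {
        if (!isObjectValueEqual(row, diff[row.id])) {
          // row differs from the stored rule; the statement that writes it back is not shown in this excerpt
        }
      });
    }
    if (!think.isEmpty(ids)) {
      // not awaited: the method returns true before this write completes or fails
      AuthRule.where({id: ['IN', ids]}).update({'status': -1});
    }
    if (!think.isEmpty(data)) {
      // entries left in data are new nodes; the insert statement is not shown in this excerpt
    }
    return true;
}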
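The reconciliation described in this section, as a stand-alone added example that computes the insert, update and disable sets without touching a database. It is not CmsWing code: `planRuleSync`, `ruleKey` and the sample rows are hypothetical, and the comparison is limited to the five fields the node loop sets.

```javascript
// Added example, not CmsWing code: planRuleSync and ruleKey are hypothetical
// names and the sample rows are constructed.
const FIELDS = ['name', 'desc', 'module', 'type', 'status'];

// Same key as the page: name + module + type, lowercased.
const ruleKey = r => (String(r.name) + r.module + r.type).toLowerCase();

function planRuleSync(nodes, rules) {
  const wanted = new Map();
  for (const n of nodes) {
    const row = {name: n.url, desc: n.title, module: 'admin',
      type: n.pid > 0 ? 1 : 2, status: 1};
    wanted.set(ruleKey(row), row); // a duplicate key keeps the last node
  }
  const plan = {insert: [], update: [], disable: []};
  for (const rule of rules) {
    const key = ruleKey(rule);
    const row = wanted.get(key);
    if (row) {
      wanted.delete(key);
      // Assumption: only the managed fields are compared, so a rule that was
      // disabled earlier (status -1) is re-enabled when its node returns.
      if (FIELDS.some(f => row[f] !== rule[f])) {
        plan.update.push({...row, id: rule.id});
      }
    } else if (rule.status === 1) {
      plan.disable.push(rule.id); // the page sets status -1 for these ids
    }
  }
  plan.insert = [...wanted.values()]; // nodes with no stored rule
  return plan;
}

const SAMPLE_NODES = [
  {url: 'admin/auth/index', title: 'Permissions', pid: 0},
  {url: 'admin/auth/userlist', title: 'Members', pid: 1},
  {url: 'admin/Log/index', title: 'Logs', pid: 0},
  {url: 'admin/auth/access', title: 'Access', pid: 1},
];
const SAMPLE_RULES = [
  {id: 1, name: 'admin/auth/index', desc: 'Permissions', module: 'admin', type: 2, status: 1},
  {id: 2, name: 'admin/auth/userlist', desc: 'Old title', module: 'admin', type: 1, status: 1},
  {id: 3, name: 'admin/old/page', desc: 'Gone', module: 'admin', type: 1, status: 1},
  {id: 4, name: 'admin/log/index', desc: 'Logs', module: 'admin', type: 2, status: -1},
];
console.log(JSON.stringify(planRuleSync(SAMPLE_NODES, SAMPLE_RULES), null, 1));
```

Rule 4 shows the effect of the lowercased key: a node whose url differs from the stored name only by case matches the existing rule instead of being inserted as a new one.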

User Group Management Homepage

This is a familiar operation, similar to the user log list view in the previous analysis.

First, the list is obtained by a query, and then the elements in the list are processed one by one.

Finally, it is displayed on the page titled "Member group management".

async indexAction() {
    const list = await this.model('member_group').order('sort ASC').select();
    for (const v of list) {
      // number of active members in each group
      v.count = await this.model('member').where({groupid: v.groupid, status: 1}).count('id');
    }
    this.assign('list', list);
    this.meta_title = 'Member group management';
    return this.display();
}

Member management

First, get the user IDs for this page: the condition is the role ID and the data comes from the 'auth_user_role' model.

Initialize a userdata variable to hold the user data later.

Once the user IDs have been obtained, the matching member records can be queried and stored in userdata.

Therefore, the data in userdata can be easily modified by the operator.

async userlistAction() {
    const id = this.get('id');
    const userid = await this.model('auth_user_role').where({role_id: id}).getField('user_id');
    let userdata;
    if (!think.isEmpty(userid)) {
      userdata = await this.model('member').where({id: ['IN', userid]}).select();
      for (const v of userdata) {
        // look up each member's role and attach its description
        const role_id = await this.model('auth_user_role').where({user_id: v.id}).getField('role_id', true);
        v.role = await this.model('auth_role').where({id: role_id}).getField('desc', true);
      }
    }
    this.assign('userlist', userdata);
    this.meta_title = 'Member management';
    this.active = 'admin/auth/index';
    return this.display();
}

Administrator user group data write / update

Following on from the above, the specific modification method is shown here.

The id is a parameter that must be obtained so that the intended record is modified rather than an arbitrary one.

At the same time, you need to ensure that the person making the modification is an administrator, not just anyone.

After a successful update, a success message is returned.

async writeroleAction() {
    const map = {};
    map.rule_ids = this.post('rules');
    // an array of rule ids is sorted and stored as a comma-separated string
    if (think.isArray(map.rule_ids)) {
      map.rule_ids = map.rule_ids.sort(function(a, b) { return a - b }).join(',');
    }
    map.module = 'admin';
    map.type = 1;
    const id = this.post('id');
    const role = this.model('auth_role');
    await role.where({id: id}).update(map);
    return this.success({name: 'Update succeeded'});
}
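In writeroleAction as shown, a `rules` value that is not an array is stored unchanged and `id` goes to where() as received. The following added example (not CmsWing code; `normalizeRuleIds` and `buildRoleUpdate` are hypothetical helpers) reduces both inputs to plain positive integers before they would reach the model.

```javascript
// Added example, not CmsWing code: normalizeRuleIds and buildRoleUpdate are
// hypothetical helpers; the request bodies passed to them are constructed.
const POSITIVE_INT = /^[1-9]\d{0,9}$/;
const isScalar = v => typeof v === 'string' || typeof v === 'number';

function normalizeRuleIds(input) {
  // Accept an array (rules[]=1&rules[]=2) or a single value / comma list.
  const parts = Array.isArray(input) ? input : String(input ?? '').split(',');
  const ids = new Set(); // drops duplicates
  for (const part of parts) {
    const text = isScalar(part) ? String(part).trim() : null;
    if (text === '') continue;
    if (text === null || !POSITIVE_INT.test(text)) {
      throw new TypeError('rule id is not a positive integer: ' + JSON.stringify(part));
    }
    ids.add(Number(text));
  }
  // Numeric sort, then the comma-separated form the page stores in rule_ids.
  return [...ids].sort((a, b) => a - b).join(',');
}

function buildRoleUpdate(post) {
  // where() on this page also takes array conditions such as ['IN', ids],
  // so the id is reduced to one plain number before it is used.
  const idText = isScalar(post.id) ? String(post.id).trim() : '';
  if (!POSITIVE_INT.test(idText)) throw new TypeError('invalid role id');
  return {
    where: {id: Number(idText)},
    map: {rule_ids: normalizeRuleIds(post.rules), module: 'admin', type: 1},
  };
}

// Constructed request body, as a parsed form post might deliver it.
console.log(buildRoleUpdate({id: '4', rules: ['10', '2', '2', ' 3 ']}));
```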

Posted by afhouston on Fri, 03 Dec 2021 08:11:52 -0800